1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-16 03:42:41 +01:00
Commit graph

42 commits

Author SHA1 Message Date
epriestley
bdcba43f21 Formalize a mechanism for marking Conduit methods deprecated/unstable
Summary:
This is better than writing "(UNSTABLE!!!)" in front of the text description.

I'll add a wiki to keep track of API changes, too.

See also D2087, which motivates this.

Test Plan: Browsed console, saw "deprecated" and "unstable" on appropriate methods.

Reviewers: btrahan, vrana, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T909

Differential Revision: https://secure.phabricator.com/D2271
2012-04-18 14:25:27 -07:00
epriestley
a5903d2a53 Use head_key() and last_key() to explicitly communicate intent
Summary:
PHP arrays have an internal "current position" marker. (I think because foreach() wasn't introduced until PHP 4 and there was no way to get rid of it by then?)

A few functions affect the position of the marker, like reset(), end(), each(), next(), and prev(). A few functions read the position of the marker, like each(), next(), prev(), current() and key().

For the most part, no one uses any of this because foreach() is vastly easier and more natural. However, we sometimes want to select the first or last key from an array. Since key() returns the key //at the current position//, and you can't guarantee that no one will introduce some next() calls somewhere, the right way to do this is reset() + key(). This is cumbesome, so we introduced head_key() and last_key() (like head() and last()) in D2161.

Switch all the reset()/end() + key() (or omitted reset() since I was feeling like taking risks + key()) calls to head_key() or last_key().

Test Plan: Verified most of these by visiting the affected pages.

Reviewers: btrahan, vrana, jungejason, Koolvin

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2169
2012-04-09 11:08:59 -07:00
vrana
8813c7be0e Use assert_instances_of() everywhere but Differential and Diffusion
Summary: NOTE: This is not produced by a script so there might be errors. Please review carefully.

Test Plan: Browse around.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2091
2012-04-03 14:53:20 -07:00
epriestley
b2890eeb0e Add "final" to all Phabricator "Controller" classes
Summary:
These are all unambiguously unextensible. Issues I hit:

  - Maniphest Change/Diff controllers, just consolidated them.
  - Some search controllers incorrectly extend from "Search" but should extend from "SearchBase". This has no runtime effects.
  - D1836 introduced a closure, which we don't handle correctly (somewhat on purpose; we target PHP 5.2). See T962.

Test Plan: Ran "testEverythingImplemented" unit test to identify classes extending from `final` classes. Resolved issues.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T795

Differential Revision: https://secure.phabricator.com/D1843
2012-03-09 15:46:25 -08:00
Bob Trahan
af295e0b26 OAuth Server enhancements -- more complete access token response and groundwork
for scope

Summary:
this patch makes the access token response "complete" relative to spec by
returning when it expires AND that the token_type is in fact 'Bearer'.

This patch also lays the groundwork for scope by fixing the underlying data
model and adding the first scope checks for "offline_access" relative to expires
and the "whoami" method.   Further, conduit is augmented to open up individual
methods for access via OAuth generally to enable "whoami" access.   There's also
a tidy little scope class to keep track of all the various scopes we plan to
have as well as strings for display (T849 - work undone)

Somewhat of a hack but Conduit methods by default have SCOPE_NOT_ACCESSIBLE.  We
then don't even bother with the OAuth stuff within conduit if we're not supposed
to be accessing the method via Conduit.   Felt relatively clean to me in terms
of additional code complexity, etc.

Next up ends up being T848 (scope in OAuth) and T849 (let user's authorize
clients for specific scopes which kinds of needs T850).  There's also a bunch of
work that needs to be done to return the appropriate, well-formatted error
codes.  All in due time...!

Test Plan:
verified that an access_token with no scope doesn't let me see
anything anymore.  :(  verified that access_tokens made awhile ago expire.  :(

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T888, T848

Differential Revision: https://secure.phabricator.com/D1657
2012-02-21 16:33:06 -08:00
Bob Trahan
be66a52050 Make conduit read access_token and login the pertinent $user
Summary: This makes the oauth server a bunch more useful.

Test Plan:
- used /oauth/phabricator/diagnose/ and it actually passed!
- played around with conduit via hacking URL to include access_token on a logged
out browser
- linked my account to itself by going to /settings/page/phabricator/, clicking
"link" account, then cutting and pasting the pertinent ?code=X into
/oauth/phabricator/login/.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T852

Differential Revision: https://secure.phabricator.com/D1644
2012-02-20 10:21:23 -08:00
epriestley
c8b4bfdcd1 Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks
Summary:
Some browsers will still sniff content types even with "Content-Type" and
"X-Content-Type-Options: nosniff". Encode "<" and ">" to prevent them from
sniffing the content as HTML.

See T865.

Also unified some of the code on this pathway.

Test Plan: Verified Opera no longer sniffs the Conduit response into HTML for
the test case in T865. Unit tests pass.

Reviewers: cbg, btrahan

Reviewed By: cbg

CC: aran, epriestley

Maniphest Tasks: T139, T865

Differential Revision: https://secure.phabricator.com/D1606
2012-02-14 14:51:51 -08:00
Bob Trahan
5caf9fb6da Conduit -- kill tabs
Summary:
this has a single side nav now.   added a Utilites section below the methods
which houses Logs and Token.

On logs I ended up deleting this whole concept of "view" and the existing side
nav -- I think there were plans to add a way to filter down to subset of the
conduit calls.  For logs, I envision that being a separate first class tool when
/ if we think we need additional complexity.

On token I made the form FULL so it was like the rest of the views in this page.

Test Plan:
looks good!   clicked on a few methods and it worked!  clicked on the
logs and they were there!  clicked on the pager within the logs and it worked!
checked out the token page and it looked good too.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T631

Differential Revision: https://secure.phabricator.com/D1499
2012-01-29 13:41:10 -08:00
epriestley
add1ae945d Use setConcreteOnly() in Phabricator and only list/launch concrete Daemons
Summary: We currently allow you to launch abstract daemons; use
setConcreteOnly() to only list/launch concrete daemons.

Test Plan: Ran "phd list" (no abstract daemons listed), "phd launch
PhabricatorRepositoryCommitDiscoveryDaemon" (reasonable error message).

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T801

Differential Revision: https://secure.phabricator.com/D1487
2012-01-25 11:50:59 -08:00
Bob Trahan
cf61f0e32d Adding an "ssh" client for conduit
Summary: ..."ssh" is in quotes 'cuz this is step 1 and there's no ssh in sight
at the moment.

Test Plan:
ran api.php PHID-USER-xee4ju2teq7mflitwfcs differential.query a few times...
 - tried valid input, it worked!
 - tried bad input, it worked in that it failed and told me so!
ran api.php crap_user differential.query a few times...
 - verified error message with respect to crap_user
ran api.php PHID-USER-xee4ju2teq7mflitwfcs crap_method a few times...
 - verified error message with respect to crap_method
visited http://phabricator.dev/conduit/method/differential.query a few times...
 - tried valid input, it worked!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, btrahan, epriestley

Maniphest Tasks: T550

Differential Revision: https://secure.phabricator.com/D1357
2012-01-13 11:54:13 -08:00
epriestley
f901befcf5 Bump Phabricator server version to 3
Summary: See D1257. Also make the error message more friendly, and remove a very
very old Facebook-specific error.

Test Plan:
  - Tried to diff with an older arc.
  - Tried to diff with a newer arc.
  - Diffed with the right arc.

Reviewers: btrahan, jungejason, aran

Reviewed By: aran

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1258
2011-12-22 06:44:48 -08:00
epriestley
19f2110e74 Allow "differential.getcommitmessage" to be called without a revision ID in
order to generate a template

Summary: See T614. This allows us to generate an empty template by calling
Conduit, so we can build command-line editing workflows for SVN, Mercurial, and
conservative-Git.

Test Plan: Used web console to invoke Conduit method; got a reasonable empty
template out of it.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley, btrahan

Differential Revision: 1156
2011-12-02 07:28:55 -08:00
epriestley
bd520076f9 Add optional keystroke support for AphrontPagerView
Summary: This is sort of silly but maybe useful? The real problem is that there
are like 500k conduit call logs and the real solution to that is better
filtering options, but this seems sort of okay.

Test Plan: Used "[" and "]" to switch between pages on the conduit call log.

Reviewers: btrahan, jungejason, nh, aran

Reviewed By: nh

CC: aran, nh, epriestley

Differential Revision: 1145
2011-12-01 10:16:12 -08:00
epriestley
77a5a3ab00 Add a basic Conduit log view
Summary:
The conduit access to Differential kind of sucks and we want to break
back-compat in order to fix it (see D1114).

To make it easier to pull this off, I want to build out the Conduit logging a
bit so administrators can identify which users are making deprecated calls.

We should probably build a little more infrastructure around this too (API
versions?), but this is at least a reasonable step forward which gives us more
insight into the use of Conduit and more tools to smooth the deprecation
process.

This initial commit is super basic but the interface currently says "stuff",
I'll build this out a little more in a bit.

Test Plan: Looked at call logs.

Reviewers: btrahan, nh, jungejason

Reviewed By: btrahan

CC: aran, btrahan

Differential Revision: 1144
2011-12-01 10:15:51 -08:00
Emil Hesslow
88dc9c471d Add actAsUser to API
Summary: createrevision creates the revision as the user which certificate is
used. Add a meta parameter to API calls named actAsUser so one user can create
revisions for someone else. Right now there is no authentication.

Test Plan: Called createrevision with one users cert and set actAsUser to
someone else. The revision was created as the actAsUser user.

Reviewers: epriestley, nh, jungejason

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: 1087
2011-11-08 08:12:31 -08:00
epriestley
661f077bf7 Replace callsites to sha1() that use it to asciify entropy with
Filesystem::readRandomCharacters()

Summary: See T547. To improve auditability of use of crypto-sensitive hash
functions, use Filesystem::readRandomCharacters() in place of
sha1(Filesystem::readRandomBytes()) when we're just generating random ASCII
strings.

Test Plan:
  - Generated a new PHID.
  - Logged out and logged back in (to test sessions).
  - Regenerated Conduit certificate.
  - Created a new task, verified mail key generated sensibly.
  - Created a new revision, verified mail key generated sensibly.
  - Ran "arc list", got blocked, installed new certificate, ran "arc list"
again.

Reviewers: jungejason, nh, tuomaspelkonen, aran, benmathews

Reviewed By: jungejason

CC: aran, epriestley, jungejason

Differential Revision: 1000
2011-10-21 11:55:28 -07:00
epriestley
abb39d06a2 Provide a better error message when a user enters a Conduit parameter string
without quotes around it (and similar)

Summary: See D1010. The API uniformly requires JSON, which is good for
strictness and predictablity but can be bad for UEX, especially considering that
we silently continue after failing to decode things. Toss the user a lifeline
when they make this common mistake.

Test Plan: Ran API calls with invalid and valid inputs. Invalid inputs gave me a
reasonable error message.

Reviewers: davidreuss, jungejason, nh, tuomaspelkonen, aran

Reviewed By: nh

CC: aran, nh

Differential Revision: 1012
2011-10-21 11:54:53 -07:00
epriestley
6dc193d3d9 Fully update library map. 2011-08-18 09:52:36 -07:00
epriestley
b42b78f65c Unguard another safe write in Conduit token generation. 2011-08-17 12:00:35 -07:00
epriestley
cd3a3bf759 Make Herald Rules sticky in X-Herald-Rules
Summary:
See T354. List every rule which has ever been applied in X-Herald-Rules, not
just the ones which most recently triggered.

Also some random fixes while I was debugging this:

  - When conduit methods throw non-conduit exceptions, make sure they get
logged.
  - Trigger the Facebook "tasks" backcompat block only if we were going to fail
(this should reduce the shakniess of the transition).
  - Fix some log spew from the new field stuff.

Test Plan:
  - Created a rule (ID #3) "No Zebras" which triggers for revisions without
"zebra" in the title.
  - Created a revision without "zebra" in the title, got X-Herald-Rules: <2>,
<3>
  - Updated revision to have "zebra" in the title, verified rule did not trigger
in Herald transcript.
  - Verified X-Herald-Rules is still: <2>, <3>

Reviewed By: aran
Reviewers: aran, jungejason, tuomaspelkonen
CC: aran, epriestley
Differential Revision: 817
2011-08-17 10:38:29 -07:00
epriestley
39b4d20ce5 Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.

  - Depends on D758.
  - Similar to WriteOnHTTPGet stuff from Facebook's stack.
  - Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
  - Never allow writes without CSRF checks.
  - This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
  - **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**

Test Plan:
  - Ran some scripts that perform writes (scripts/search indexers), no issues.
  - Performed normal CSRF submits.
  - Added writes to an un-CSRF'd page, got an exception.
  - Executed conduit methods.
  - Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
  - Did OAuth login.
  - Did OAuth registration.

Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
2011-08-16 13:29:57 -07:00
epriestley
1048669158 Provide a paste.create Conduit method
Summary:
  - Allow the console to handle abstract classes correctly.
  - Move paste dictionary generation to an abstract base class.
  - Add paste.create.
  - Add 'objectName', 'parentPHID', and 'content' to Paste info dictionaries
(you can use filePHID with file.download to get the content but I think just
always sending it back is reasonable).

Test Plan:
  - Use paste.create to create new pastes.
  - Used paste.info to get existing pastes.
  - Checked console UI to make sure "paste." didn't show up or anything
silly/dumb like that.
  - Tried to call the method "paste" and got the right exception.

Reviewed By: codeblock
Reviewers: codeblock, jungejason, tuomaspelkonen, aran
CC: aran, codeblock
Differential Revision: 747
2011-07-29 19:00:04 -07:00
epriestley
ab0f09d115 Style tweaks for Conduit API console
Summary:
  - Use pretty JSON formatter for human-readable Conduit output
  - Fix some whitespace issues with format/layout.

Test Plan:
  - Looked at conduit console.
  - Looked at human-readable output of several calls.

Reviewed By: codeblock
Reviewers: codeblock, jungejason, tuomaspelkonen, aran
CC: aran, codeblock
Differential Revision: 740
2011-07-28 21:43:44 -07:00
epriestley
a5e22e87e2 Provide basic Conduit documentation. 2011-07-04 12:03:36 -07:00
epriestley
1cd1e1ed18 "arc install-certificate", server-side components
Summary:
Provides a new workflow for making it non-horrible to install certificates.
Basically you run "arc install-certificate" and then copy/paste a short token
off a webpage and it does the ~/.arcrc edits for you.

Test Plan:
Installed certificates, used bad tokens, hit rate limiting.

Reviewed By: aran
Reviewers: aran, jungejason, tuomaspelkonen
CC: aran
Differential Revision: 460
2011-06-20 05:18:02 -07:00
jungejason
a9e2e51b98 Enable updating task->revision assoc
Summary: add a conduit method to enable querying revisions' phid from
their revision_IDs, and another one to update the task->revision assoc.

Test Plan: for querying revision_phid method, tested empty, one, and two
revisions in the query. For the one to update the task->revision assoc,
I have another diff in facebook which verified it add and remove assoc
correctly.

Reviewers: tuomaspelkonen, epriestley

CC:

Differential Revision: 165
2011-04-26 19:14:47 -07:00
epriestley
bed2120b86 Fix systemAgent stuff. 2011-04-12 19:00:54 -07:00
epriestley
703fd47bd7 Sessionless auth, sort of a mess. 2011-04-12 18:06:25 -07:00
epriestley
a7ac8a04e0 Improve workflow for missing arcanist certificates. 2011-04-10 13:08:47 -07:00
epriestley
5e9d053f8e Provide $request->getUser() for Conduit API Requests
Summary:
Allow Conduit methods to retrieve the authoritative, logged-in user
identity.

Test Plan:
Ran user.whoami (an authenticated method) and got my info back. Ran
conduit.connect (an unauthenticated method) and the world did not explode.

Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen
CC: tuomaspelkonen, epriestley
Differential Revision: 113
2011-04-07 20:16:37 -07:00
epriestley
361ec78b03 Add missing includes from XHPAST parse bug. 2011-04-06 23:14:58 -07:00
jungejason
59e71b1156 Improve error message about missing certificate.
Summary: improve the error message by adding reference to documentation.

Test Plan: remove the certificate in .arcrc and run arc diff to see if
the improved error message shows up.

Reviewers: epriestley

CC:

Differential Revision: 53
2011-03-07 17:08:44 -08:00
epriestley
0b20c7a5ed Emit shielded JSON from Conduit endpoints.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-19 13:02:25 -08:00
epriestley
99a40ab666 Fix differential.find and the web API for the conduit console
Summary: differential.find was fataling in the console because of a bad
constant, and you couldn't submit requests requiring authentication because
the auth stuff didn't know to look for web sessions. Resolve these issues.

Test Plan: Hit differential.find successfully, ran a user.find query from
the web console without issues.

Reviewers: tomo

CC:

Differential Revision: 31
2011-02-09 22:43:24 -08:00
epriestley
605268f9aa Some acutal conduit authentication. 2011-02-05 22:36:21 -08:00
epriestley
a35ae4c2a0 Fix a reset() thingie. 2011-02-04 18:58:52 -08:00
epriestley
29f7219a49 CSRF / Logout 2011-01-30 18:52:29 -08:00
epriestley
de1fb8ac7d DifferentialRevisionEditor 2011-01-26 17:17:49 -08:00
epriestley
ccf7df6093 Authentication 2011-01-26 15:34:20 -08:00
epriestley
2bea542920 Conduit: user.find 2011-01-24 12:05:49 -08:00
epriestley
9f026d7892 Conduit: conduit.connect 2011-01-24 11:34:29 -08:00
epriestley
2aaa95e640 Conduit server-side basics. 2011-01-24 10:52:35 -08:00